🛡 Security & Privacy
Visibility Settings
Set which categories of users can see and use which parts of the contest. The settings are as follows:
Setting | Description |
Challenges | Whether a visitor/user must be registered to view challenges. |
Scoreboard | Whether a visitor/user must be registered to view the scoreboard. |
Profile | Control who can see contestant profiles. |
Notice | Control who can see published notices. |
Privacy Settings
Control how user accounts and personal data are handled on the platform. The settings are as follows:
Setting | Description |
Allow Account Deletion | Allow users to delete their account on the platform. |
Enable Hard Deletion | If enabled, all data associated with the user is permanently erased. By default, on account deletion only the user's personal information is erased, while other non-private data is stored in an anonymous form. |
Track IP address | If disabled, IP addresses of users are not logged. By default, IP addresses are logged when a user logs in or performs certain activities. |
Allow User to Request Account Data | If enabled, users will be able to download all data about themselves on the platform in a zip file. |
Show Cookie Banner | A cookie banner is shown on a user's first visit to the platform. A "Learn more" option is displayed, taking the user to the /cookies or /privacy page. |
Password Policy
Single Sign On
The platform supports configuring single sign-on using OAuth 2.0.
Setting | Description |
Enable OAuth SSO | Use OAuth 2.0 to authenticate contestants and admins, and to link them to their respective accounts. |
PasswordLess Mode | Enforce SSO for authenticating all users, and disable password-based login and normal account creation. |
Enforce SSO for Organizers | Require all organizers (admin users) to log in only through single sign-on. Users might lose access to the platform if they do not have an SSO profile linked to their account. |
OAuth 2.0
OAuth 2.0 is an open standard for authorization, commonly used as a way for Internet users to grant websites or applications access to their information on other websites without giving them the passwords.
The following settings are required to configure OAuth 2.0:
- Client ID : The client ID of the OAuth 2.0 application.
- Client Secret : The client secret of the OAuth 2.0 application.
- Scopes : The scopes to request from the OAuth 2.0 provider.
- Authorization Endpoint : The URL to redirect the user to for authorization.
- Token Endpoint : The URL to exchange the authorization code for an access token.
- User Info Endpoint : The URL to fetch user information from.
- Revocation Endpoint : The URL to revoke the access token.
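A pre-flight check for these settings, run before switching on "Enforce SSO for Organizers". This is an added example, not the platform's own code: the key names, the `preflight` and `check_endpoint` helpers, and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Key names are hypothetical; they mirror the settings listed on this page.
REQUIRED = ("client_id", "client_secret", "scopes")
ENDPOINTS = ("authorization_endpoint", "token_endpoint",
             "userinfo_endpoint", "revocation_endpoint")

def check_endpoint(name, url):
    """Return the problems found in one endpoint URL."""
    parts = urlsplit(url or "")
    problems = []
    if parts.scheme != "https":
        problems.append(f"{name}: must be an https URL")
    if not parts.hostname:
        problems.append(f"{name}: missing host")
    if parts.username or parts.password:
        problems.append(f"{name}: credentials embedded in URL")
    if parts.fragment:
        problems.append(f"{name}: fragment not allowed")
    return problems

def preflight(settings, organizers):
    """organizers: iterable of (username, has_linked_sso_profile)."""
    problems = [f"{k}: required" for k in REQUIRED
                if not str(settings.get(k) or "").strip()]
    for name in ENDPOINTS:
        problems += check_endpoint(name, settings.get(name))
    if settings.get("enforce_sso_for_organizers"):
        # Enforcing SSO locks out any organizer without a linked profile.
        problems += [f"organizer {user}: no linked SSO profile"
                     for user, linked in organizers if not linked]
    return problems

# Constructed sample values, not taken from any real deployment.
SAMPLE = {
    "client_id": "ctf-platform",
    "client_secret": "example-secret",
    "scopes": "profile email",
    "authorization_endpoint": "https://idp.example.test/oauth2/authorize",
    "token_endpoint": "http://idp.example.test/oauth2/token",  # weak: plain http
    "userinfo_endpoint": "https://idp.example.test/oauth2/userinfo",
    "revocation_endpoint": "https://idp.example.test/oauth2/revoke",
    "enforce_sso_for_organizers": True,
}
ORGANIZERS = [("alice", True), ("bob", False)]

if __name__ == "__main__":
    for line in preflight(SAMPLE, ORGANIZERS):
        print(line)
```

An empty result means the settings are complete, every endpoint is reached over TLS, and no organizer would be locked out by the enforcement switch.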